I am the president and CEO of Aveksa, a leading provider of business-driven Identity and Access Management software solutions. I'm an accomplished, results-driven software executive with over 20 years of experience in global sales operations, marketing, business development, consulting, product management and engineering. Prior to joining Aveksa, I held senior management positions at BMC Software, BladeLogic, RishiSoft, and Cabletron. I've been awarded six patents in the U.S. and internationally for my work in IT management software systems. I hold a BSEE from IIT India, an MSCE from the University of Massachusetts, and an MBA in Marketing and Finance from Boston University School of Management.

Lessons Learned From Sochi's 'Ring of Steel'

Writing about the Sochi Olympics’ shortcomings feels a bit like piling on. Shoddy workmanship, decidedly un-brisk 65-degree weather, Bob Costas’s double pink eye, and bathroom doors that require a MacGyver-esque level of ingenuity to open have been reported and re-reported, tweeted, and lampooned. @Sochiproblems has more followers than the Games’ official Twitter account, GQ wondered aloud if this was the worst Olympics ever—heck, even the New Yorker joined in on the fun. But now, less than two weeks after the conclusion of the 22nd Olympiad, no one is mentioning its phenomenal security success.

And it’s too bad, because the “Ring of Steel” worked flawlessly. Tasked with defending Sochi and her visiting Olympians from potential terrorist attacks, the Russians constructed a barricade of some 100,000 people, drones, and anti-missile systems along the city’s border. What was dubbed a travel-at-your-own-risk Olympic Games went off without a (security) hitch because the Russians understood the precautions needed to protect against today’s threat landscape.

It’s a lesson that should be translated into the digital world.

Let me explain: Like the “Ring of Steel” preventing unauthorized access to Olympic events, enterprises need to establish a perimeter surrounding user entitlements, designed so that only authorized users are allowed in certain “areas” or, in this case, applications. Inappropriate access makes the enterprise susceptible to data breaches, which can then lead to sizeable losses in revenue in the form of lost business, a damaged reputation, and regulatory compliance fees. Just as a terrorist attack could call into question the viability of the modern Olympic Games, so too can an external—or internal—breach call into question the viability of the enterprise.

Don’t believe me? Just run a quick Google search on recent data breaches at major businesses. It’s a big deal, and a lot of them were so well executed that major industry analysts argue that, given many organizations’ adherence to stringent security protocols, breaches are originating from sophisticated users with inappropriate access. As the Olympic security team knew, the solution is about making sure the right people are in the right places.

But unlike the static wall surrounding Sochi, the “Ring of Steel” around user entitlements requires frequent review and remediation as roles and access privileges change. This “Ring of Steel” is in a state of flux, as entitlements need to be perpetually opened or shut, added to or subtracted from. When one entitlement fails, when user access is not appropriate, the whole system could be compromised. This problem is solved not by a firewall or a blanket, (not so) preventative cybersecurity product but by an Identity and Access Management solution. By understanding entitlements at a fine-grained level, IAM can ensure that proper access is always working, providing accurate insight into user access across the entire enterprise.

In fact, the concept of a “Ring of Steel” was championed by many security professionals at last week’s RSA Conference 2014. And with the largest attendance on record, 29,000 IT professionals can’t possibly be wrong.
